This is not a full solution to the challenge. The challenge was to write a code that could be executed as C, Python 2, Python 3, Ruby and Haskell to print the content of flag file . But I couldn't finish off the Haskell part. Below is the code:
renorobert@ubuntu:/host/HITCON$ cat flag
TEST____FLAG
renorobert@ubuntu:/host/HITCON$ cat upload.c
#/*
cat = flag = 0
exec("cat<flag;exit;\n__import__('os').system('cat flag');")
"""
*/
void main()
{
char command[] = {'c','a','t',' ','f','l','a','g','\x00'};
system(command);
}/*
"""
#*/
renorobert@ubuntu:/host/HITCON$ python2 upload.c
TEST____FLAG
renorobert@ubuntu:/host/HITCON$ python3 upload.c
TEST____FLAG
renorobert@ubuntu:/host/HITCON$ ruby upload.c
TEST____FLAG
renorobert@ubuntu:/host/HITCON$ gcc upload.c && ./a.out
TEST____FLAG
Ruby's exec() treats cat<flag as shell command for printing the flag. Python's exec() treats cat<flag as code, thus being treated as conditional statement by initializing cat and flag variables. Then os.system() prints the flag.
No comments :
Post a Comment